Re: Autoload from a web page?

From:

Lennart Borgman

Subject:

Re: Autoload from a web page?

Date:

Mon, 4 Jan 2010 03:26:45 +0100

On Sat, Jan 2, 2010 at 4:45 PM, Richard Stallman <address@hidden> wrote:
> In this scenario the user wants to download a package, but he may not
> want all of it at once. It is just like autoloading locally, but with
> the difference that the files are loaded from the web (in a well
> defined manner).
>
> This difference is precisely the problem.
> Autoloading from files on disk gives you the chance
> to edit those files.
> Autoloading from a server means you can't do so.
I have added an optional pause in the download where the user may
check the file before it is byte compiled and used.
> Yes, I understand that and I read about the problem with javascript.
> The same problems can not arise here since the user will be in control
> of where to download files from. Unlike the situation with javascript
> a single site (or a list of well defined sites) will be where the
> download comes from.
>
> I see your argument, that it is the user who decides to load from
> those files. But I'm not convinced this makes it ok, because it would
> be easy for programs to do this without the user's knowing about it.
> If we want to be safe, we need to tell users to watch out for this
> as a danger sign.
Yes, of course. The user must trust the sources. And be able to have a
look at them before using them.
I have implemented this incremental installing now for nXhtml. The
sources are in Launchpad so the user can have a look at them before
downloading. And during the download is another chance.
As I said before there is no contract, no API, for how two access
files from Launchpad this way. A bit unfortunate, but it is still
possible to do use the web interface this way. To make it more
reliable would not take much (but requires cooperation).
Something like ELPA might stand for the necessary API (beside
cooperation, version dependence etc).
Some people argued that downloading files as you need them is not
useful. I think it can be. If something like this was used for ELPA
then different people could depend on each others files. Those who
provides the elisp files would not have to tell others to download
this and that. It would be downloaded automatically. And the sources
could be anywhere (as long as they are trusted).
But as RMS pointed out this has security implications so it could only
be used for reviewed and trusted files/sources. So this would be (IMO)
a special groups of files in ELPA.
If anyone wants to test then please go to
http://www.emacswiki.org/cgi-bin/wiki/NxhtmlMode and follow the
instructions for web-vcs.el there.
If you do you could for example try commands like
M-x resize-windows
open and html file
M-x n-back-game
or anything from the nXhtml menu (do M-x nxhtml-minor-mode if it is not shown).
And please tell me who it works and how you want it to work, it is a
bit beta still ... ;-)